So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #4

Always find a way to train your mind to think like an attacker.

Shortly after I got this job in retail (I think my first year was when I was 17) and had the training experience I mentioned in my last post, I started to find ways to work my brain to think like a hacker even though I was a cashier.

This meant when the cash register froze and had to be restarted, I paid attention and saw the cash register was running Windows CE. I paid attention to which keys were on its keyboard and where a USB port was exposed.

I watched the card readers to see if someone tried to add a skimmer, and I paid attention for fake IDs. This is because you could return something without a receipt if you had some government ID.

The biggest thing I did, though, was look at the iPod touch credit card swipers.

Think of it like a heavy-duty Square (I think that’s what it’s called).

It monitored the iPod touch by GPS and was connected to a wireless network and let you do card transactions.

The idea was that if there was a big line for the cash register I could go out and do card transactions like that, or if I wanted to be a crazy salesman I could go on the floor and use that to push people into buying.

It was also useful when you needed to find the price of something on the floor.

So since I had never seen such a device for an iPod touch, I started to research it.

I also started to enumerate the apps on the device, etc.

I found these applications I had never heard of so I did research on that. I also saw it was connected to a WEP Wi-Fi connection…

That at the time would’ve taken 5 minutes to crack (literally)

With just a change of perspective and thinking like an attacker, a new job in retail can start to look a lot more interesting…

Find value in everything you do towards your ultimate goal!


END TRANSMISSION

2 thoughts on “So you want to be a penetration tester, security consultant, ethical hacker, red teamer or any other offensive cyber security professional? #4”

  1. I love that story! I actually started thinking a lot about the security of my own job currently. I had noticed the Wi-Fi passwords for both the warehouse and the HQ offices are *EXACTLY* the same.

    Knowing the HQ is the main part of the business; if someone were to get the Wi-Fi password off the wall, posted at the warehouse, and go to the HQ-….Tsk..

    You get the idea..

    It’s scary to think about how little effort people put into the security in businesses.
